open-consul/agent/config/testdata/full-config.hcl

747 lines
20 KiB
HCL
Raw Normal View History

acl_agent_master_token = "furuQD0b"
acl_agent_token = "cOshLOQ2"
acl_datacenter = "m3urck3z"
acl_default_policy = "ArK3WIfE"
acl_down_policy = "vZXMfMP0"
acl_enable_key_list_policy = true
acl_master_token = "C1Q1oIwh"
acl_replication_token = "LMmgy5dO"
acl_token = "O1El0wan"
acl_ttl = "18060s"
acl = {
enabled = true
down_policy = "03eb2aee"
default_policy = "72c2e7a0"
enable_key_list_policy = true
enable_token_persistence = true
policy_ttl = "1123s"
role_ttl = "9876s"
token_ttl = "3321s"
enable_token_replication = true
msp_disable_bootstrap = true
tokens = {
master = "8a19ac27",
initial_management = "3820e09a",
agent_master = "64fd0e08",
agent_recovery = "1dba6aba",
replication = "5795983a",
agent = "bed2377c",
default = "418fdff1",
managed_service_provider = [
{
accessor_id = "first",
secret_id = "fb0cee1f-2847-467c-99db-a897cff5fd4d"
},
{
accessor_id = "second",
secret_id = "1046c8da-e166-4667-897a-aefb343db9db"
}
]
}
}
addresses = {
dns = "93.95.95.81"
http = "83.39.91.39"
https = "95.17.17.19"
grpc = "32.31.61.91"
}
advertise_addr = "17.99.29.16"
advertise_addr_wan = "78.63.37.19"
advertise_reconnect_timeout = "0s"
audit = {
enabled = true
}
auto_config = {
enabled = false
intro_token = "OpBPGRwt"
intro_token_file = "gFvAXwI8"
dns_sans = ["6zdaWg9J"]
ip_sans = ["198.18.99.99"]
server_addresses = ["198.18.100.1"]
authorization = {
enabled = true
static {
allow_reuse = true
claim_mappings = {
node = "node"
}
list_claim_mappings = {
foo = "bar"
}
bound_issuer = "consul"
bound_audiences = ["consul-cluster-1"]
claim_assertions = ["value.node == \"${node}\""]
jwt_validation_pub_keys = ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERVchfCZng4mmdvQz1+sJHRN40snC\nYt8NjYOnbnScEXMkyoUmASr88gb7jaVAVt3RYASAbgBjB2Z+EUizWkx5Tg==\n-----END PUBLIC KEY-----"]
}
}
}
autopilot = {
cleanup_dead_servers = true
disable_upgrade_migration = true
last_contact_threshold = "12705s"
max_trailing_logs = 17849
min_quorum = 3
redundancy_zone_tag = "3IsufDJf"
server_stabilization_time = "23057s"
upgrade_version_tag = "W9pDwFAL"
}
bind_addr = "16.99.34.17"
bootstrap_expect = 53
cache = {
entry_fetch_max_burst = 42
entry_fetch_rate = 0.334
},
use_streaming_backend = true
ca_file = "erA7T0PM"
ca_path = "mQEN1Mfp"
cert_file = "7s4QAzDk"
check = {
id = "fZaCAXww"
name = "OOM2eo0f"
notes = "zXzXI9Gt"
service_id = "L8G0QNmR"
token = "oo4BCTgJ"
status = "qLykAl5u"
args = ["f3BemRjy", "e5zgpef7"]
http = "29B93haH"
header = {
hBq0zn1q = [ "2a9o9ZKP", "vKwA5lR6" ]
f3r6xFtM = [ "RyuIdDWv", "QbxEcIUM" ]
}
method = "Dou0nGT5"
body = "5PBQd2OT"
disable_redirects = true
tcp = "JY6fTTcw"
h2ping = "rQ8eyCSF"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "18714s"
output_max_size = 4096
docker_container_id = "qF66POS9"
shell = "sOnDy228"
tls_server_name = "7BdnzBYk"
tls_skip_verify = true
timeout = "5954s"
deregister_critical_service_after = "13209s"
},
checks = [
{
id = "uAjE6m9Z"
name = "QsZRGpYr"
notes = "VJ7Sk4BY"
service_id = "lSulPcyz"
token = "toO59sh8"
status = "9RlWsXMV"
args = ["4BAJttck", "4D2NPtTQ"]
http = "dohLcyQ2"
header = {
"ZBfTin3L" = [ "1sDbEqYG", "lJGASsWK" ]
"Ui0nU99X" = [ "LMccm3Qe", "k5H5RggQ" ]
}
method = "aldrIQ4l"
body = "wSjTy7dg"
disable_redirects = true
tcp = "RJQND605"
h2ping = "9N1cSb5B"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "22164s"
output_max_size = 4096
docker_container_id = "ipgdFtjd"
shell = "qAeOYy0M"
tls_server_name = "bdeb5f6a"
tls_skip_verify = true
timeout = "1813s"
deregister_critical_service_after = "14232s"
},
{
id = "Cqq95BhP"
name = "3qXpkS0i"
notes = "sb5qLTex"
service_id = "CmUUcRna"
token = "a3nQzHuy"
status = "irj26nf3"
args = ["9s526ogY", "gSlOHj1w"]
http = "yzhgsQ7Y"
header = {
"zcqwA8dO" = [ "qb1zx0DL", "sXCxPFsD" ]
"qxvdnSE9" = [ "6wBPUYdF", "YYh8wtSZ" ]
}
method = "gLrztrNw"
body = "0jkKgGUC"
disable_redirects = false
tcp = "4jG5casb"
h2ping = "HCHU7gEb"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "28767s"
output_max_size = 4096
docker_container_id = "THW6u7rL"
shell = "C1Zt3Zwh"
tls_server_name = "6adc3bfb"
tls_skip_verify = true
timeout = "18506s"
deregister_critical_service_after = "2366s"
}
]
check_update_interval = "16507s"
client_addr = "93.83.18.19"
config_entries {
# This is using the repeated block-to-array HCL magic
bootstrap {
kind = "proxy-defaults"
name = "global"
config {
foo = "bar"
bar = 1.0
}
}
}
auto_encrypt = {
tls = false
dns_san = ["a.com", "b.com"]
ip_san = ["192.168.4.139", "192.168.4.140"]
allow_tls = true
}
connect {
ca_provider = "consul"
ca_config {
intermediate_cert_ttl = "8760h"
leaf_cert_ttl = "1h"
root_cert_ttl = "96360h"
# hack float since json parses numbers as float and we have to
# assert against the same thing
csr_max_per_second = 100.0
csr_max_concurrent = 2.0
}
enable_mesh_gateway_wan_federation = false
enabled = true
enable_serverless_plugin = true
}
gossip_lan {
gossip_nodes = 6
gossip_interval = "25252s"
retransmit_mult = 1234
suspicion_mult = 1235
probe_interval = "101ms"
probe_timeout = "102ms"
}
gossip_wan {
gossip_nodes = 2
gossip_interval = "6966s"
retransmit_mult = 16384
suspicion_mult = 16385
probe_interval = "103ms"
probe_timeout = "104ms"
}
datacenter = "rzo029wg"
default_query_time = "16743s"
disable_anonymous_signature = true
disable_coordinates = true
disable_host_node_id = true
disable_http_unprintable_char_filter = true
disable_keyring_file = true
disable_remote_exec = true
disable_update_check = true
discard_check_output = true
discovery_max_stale = "5s"
domain = "7W1xXSqd"
alt_domain = "1789hsd"
dns_config {
allow_stale = true
a_record_limit = 29907
disable_compression = true
enable_truncate = true
max_stale = "29685s"
node_ttl = "7084s"
only_passing = true
recursor_timeout = "4427s"
service_ttl = {
"*" = "32030s"
}
udp_answer_limit = 29909
use_cache = true
cache_max_age = "5m"
prefer_namespace = true
}
enable_acl_replication = true
enable_agent_tls_for_checks = true
enable_central_service_config = false
enable_debug = true
enable_script_checks = true
enable_local_script_checks = true
enable_syslog = true
encrypt = "A4wELWqH"
encrypt_verify_incoming = true
encrypt_verify_outgoing = true
http_config {
block_endpoints = [ "RBvAFcGD", "fWOWFznh" ]
allow_write_http_from = [ "127.0.0.1/8", "22.33.44.55/32", "0.0.0.0/0" ]
response_headers = {
"M6TKa9NP" = "xjuxjOzQ"
"JRCrHZed" = "rl0mTx81"
}
use_cache = false
max_header_bytes = 10
}
key_file = "IEkkwgIA"
leave_on_terminate = true
license_path = "/path/to/license.lic"
limits {
http_max_conns_per_client = 100
https_handshake_timeout = "2391ms"
rpc_handshake_timeout = "1932ms"
rpc_rate = 12029.43
rpc_max_burst = 44848
rpc_max_conns_per_client = 2954
kv_max_value_size = 1234567800
txn_max_req_len = 567800000
}
log_level = "k1zo9Spt"
log_json = true
max_query_time = "18237s"
node_id = "AsUIlw99"
node_meta {
"5mgGQMBk" = "mJLtVMSG"
"A7ynFMJB" = "0Nx6RGab"
}
node_name = "otlLxGaI"
non_voting_server = true
partition = ""
peering {
enabled = true
}
performance {
leave_drain_time = "8265s"
raft_multiplier = 5
rpc_hold_timeout = "15707s"
}
pid_file = "43xN80Km"
ports {
dns = 7001
http = 7999
https = 15127
server = 3757
grpc = 4881
proxy_min_port = 2000
proxy_max_port = 3000
sidecar_min_port = 8888
sidecar_max_port = 9999
expose_min_port = 1111
expose_max_port = 2222
}
protocol = 30793
primary_datacenter = "ejtmd43d"
primary_gateways = [ "aej8eeZo", "roh2KahS" ]
primary_gateways_interval = "18866s"
raft_protocol = 3
raft_snapshot_threshold = 16384
raft_snapshot_interval = "30s"
raft_trailing_logs = 83749
raft_boltdb {
NoFreelistSync = true
}
read_replica = true
reconnect_timeout = "23739s"
reconnect_timeout_wan = "26694s"
recursors = [ "63.38.39.58", "92.49.18.18" ]
rejoin_after_leave = true
retry_interval = "8067s"
retry_interval_wan = "28866s"
retry_join = [ "pbsSFY7U", "l0qLtWij" ]
retry_join_wan = [ "PFsR02Ye", "rJdQIhER" ]
retry_max = 913
retry_max_wan = 23160
rpc {
enable_streaming = true
}
segment_limit = 123
serf_lan = "99.43.63.15"
serf_wan = "67.88.33.19"
server = true
server_name = "Oerr9n1G"
service = {
id = "dLOXpSCI"
name = "o1ynPkp0"
meta = {
mymeta = "data"
}
tagged_addresses = {
lan = {
address = "2d79888a"
port = 2143
}
wan = {
address = "d4db85e2"
port = 6109
}
}
tags = ["nkwshvM5", "NTDWn3ek"]
address = "cOlSOhbp"
token = "msy7iWER"
port = 24237
weights = {
passing = 100,
warning = 1
}
enable_tag_override = true
check = {
id = "RMi85Dv8"
name = "iehanzuq"
status = "rCvn53TH"
notes = "fti5lfF3"
args = ["16WRUmwS", "QWk7j7ae"]
http = "dl3Fgme3"
header = {
rjm4DEd3 = [ "2m3m2Fls" ]
l4HwQ112 = [ "fk56MNlo", "dhLK56aZ" ]
}
method = "9afLm3Mj"
body = "wVVL2V6f"
disable_redirects = true
tcp = "fjiLFqVd"
h2ping = "5NbNWhan"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "23926s"
docker_container_id = "dO5TtRHk"
shell = "e6q2ttES"
tls_server_name = "ECSHk8WF"
tls_skip_verify = true
timeout = "38483s"
deregister_critical_service_after = "68787s"
}
checks = [
{
id = "Zv99e9Ka"
name = "sgV4F7Pk"
notes = "yP5nKbW0"
status = "7oLMEyfu"
args = ["5wEZtZpv", "0Ihyk8cS"]
http = "KyDjGY9H"
header = {
"gv5qefTz" = [ "5Olo2pMG", "PvvKWQU5" ]
"SHOVq1Vv" = [ "jntFhyym", "GYJh32pp" ]
}
method = "T66MFBfR"
body = "OwGjTFQi"
disable_redirects = true
tcp = "bNnNfx2A"
h2ping = "qC1pidiW"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "22224s"
output_max_size = 4096
docker_container_id = "ipgdFtjd"
shell = "omVZq7Sz"
tls_server_name = "axw5QPL5"
tls_skip_verify = true
timeout = "18913s"
deregister_critical_service_after = "8482s"
},
{
id = "G79O6Mpr"
name = "IEqrzrsd"
notes = "SVqApqeM"
status = "XXkVoZXt"
args = ["wD05Bvao", "rLYB7kQC"]
http = "kyICZsn8"
header = {
"4ebP5vL4" = [ "G20SrL5Q", "DwPKlMbo" ]
"p2UI34Qz" = [ "UsG1D0Qh", "NHhRiB6s" ]
}
method = "ciYHWors"
body = "lUVLGYU7"
disable_redirects = false
tcp = "FfvCwlqH"
h2ping = "spI3muI3"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "12356s"
output_max_size = 4096
docker_container_id = "HBndBU6R"
shell = "hVI33JjA"
tls_server_name = "7uwWOnUS"
tls_skip_verify = true
timeout = "38282s"
deregister_critical_service_after = "4992s"
}
]
connect {
native = true
}
}
services = [
{
id = "wI1dzxS4"
name = "7IszXMQ1"
tags = ["0Zwg8l6v", "zebELdN5"]
address = "9RhqPSPB"
token = "myjKJkWH"
port = 72219
enable_tag_override = true
check = {
id = "qmfeO5if"
name = "atDGP7n5"
status = "pDQKEhWL"
notes = "Yt8EDLev"
args = ["81EDZLPa", "bPY5X8xd"]
http = "qzHYvmJO"
header = {
UkpmZ3a3 = [ "2dfzXuxZ" ]
cVFpko4u = [ "gGqdEB6k", "9LsRo22u" ]
}
method = "X5DrovFc"
body = "WeikigLh"
disable_redirects = true
tcp = "ICbxkpSF"
h2ping = "7s7BbMyb"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "24392s"
output_max_size = 4096
docker_container_id = "ZKXr68Yb"
shell = "CEfzx0Fo"
tls_server_name = "4f191d4F"
tls_skip_verify = true
timeout = "38333s"
deregister_critical_service_after = "44214s"
}
connect {
sidecar_service {}
}
},
{
id = "MRHVMZuD"
name = "6L6BVfgH"
tags = ["7Ale4y6o", "PMBW08hy"]
address = "R6H6g8h0"
token = "ZgY8gjMI"
port = 38292
weights = {
passing = 1979,
warning = 6
}
enable_tag_override = true
checks = [
{
id = "GTti9hCo"
name = "9OOS93ne"
notes = "CQy86DH0"
status = "P0SWDvrk"
args = ["EXvkYIuG", "BATOyt6h"]
http = "u97ByEiW"
header = {
"MUlReo8L" = [ "AUZG7wHG", "gsN0Dc2N" ]
"1UJXjVrT" = [ "OJgxzTfk", "xZZrFsq7" ]
}
method = "5wkAxCUE"
body = "7CRjCJyz"
disable_redirects = false
tcp = "MN3oA9D2"
h2ping = "OV6Q2XEg"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "32718s"
output_max_size = 4096
docker_container_id = "cU15LMet"
shell = "nEz9qz2l"
tls_server_name = "f43ouY7a"
tls_skip_verify = true
timeout = "34738s"
deregister_critical_service_after = "84282s"
},
{
id = "UHsDeLxG"
name = "PQSaPWlT"
notes = "jKChDOdl"
status = "5qFz6OZn"
output_max_size = 4096
timeout = "4868s"
ttl = "11222s"
deregister_critical_service_after = "68482s"
}
]
connect {}
},
{
id = "Kh81CPF6"
name = "Kh81CPF6-proxy"
port = 31471
kind = "connect-proxy"
proxy {
destination_service_name = "6L6BVfgH"
destination_service_id = "6L6BVfgH-id"
local_service_address = "127.0.0.2"
local_service_port = 23759
config {
cedGGtZf = "pWrUNiWw"
}
upstreams = [
{
destination_name = "KPtAj2cb"
local_bind_port = 4051
config {
kzRnZOyd = "nUNKoL8H"
}
},
{
destination_type = "prepared_query"
destination_namespace = "9nakw0td"
2021-08-20 16:57:45 +00:00
destination_partition = "part-9nakw0td"
destination_name = "KSd8HsRl"
local_bind_port = 11884
local_bind_address = "127.24.88.0"
},
{
destination_type = "prepared_query"
destination_namespace = "9nakw0td"
2021-08-20 16:57:45 +00:00
destination_partition = "part-9nakw0td"
destination_name = "placeholder"
local_bind_socket_path = "/foo/bar/upstream"
local_bind_socket_mode = "0600"
},
]
expose {
checks = true
paths = [
{
path = "/health"
local_path_port = 8080
listener_port = 21500
protocol = "http"
}
]
}
mode = "transparent"
transparent_proxy = {
outbound_listener_port = 10101
dialed_directly = true
}
}
},
{
id = "kvVqbwSE"
kind = "mesh-gateway"
name = "gw-primary-dc"
port = 27147
proxy {
config {
"1CuJHVfw" = "Kzqsa7yc"
}
}
}
]
session_ttl_min = "26627s"
skip_leave_on_interrupt = true
start_join = [ "LR3hGDoG", "MwVpZ4Up" ]
start_join_wan = [ "EbFSc3nA", "kwXTh623" ]
syslog_facility = "hHv79Uia"
tagged_addresses = {
"7MYgHrYH" = "dALJAhLD"
"h6DdBy6K" = "ebrr9zZ8"
}
telemetry {
circonus_api_app = "p4QOTe9j"
circonus_api_token = "E3j35V23"
circonus_api_url = "mEMjHpGg"
circonus_broker_id = "BHlxUhed"
circonus_broker_select_tag = "13xy1gHm"
circonus_check_display_name = "DRSlQR6n"
circonus_check_force_metric_activation = "Ua5FGVYf"
circonus_check_id = "kGorutad"
circonus_check_instance_id = "rwoOL6R4"
circonus_check_search_tag = "ovT4hT4f"
circonus_check_tags = "prvO4uBl"
circonus_submission_interval = "DolzaflP"
circonus_submission_url = "gTcbS93G"
disable_hostname = true
dogstatsd_addr = "0wSndumK"
dogstatsd_tags = [ "3N81zSUB","Xtj8AnXZ" ]
retry_failed_connection = true
filter_default = true
prefix_filter = [ "+oJotS8XJ","-cazlEhGn" ]
metrics_prefix = "ftO6DySn"
prometheus_retention_time = "15s"
statsd_address = "drce87cy"
statsite_address = "HpFwKB8R"
}
tls {
defaults {
ca_file = "a5tY0opl"
ca_path = "bN63LpXu"
cert_file = "hB4PoxkL"
key_file = "Po0hB1tY"
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
tls_min_version = "TLSv1_2"
verify_incoming = true
verify_outgoing = true
}
internal_rpc {
ca_file = "mKl19Utl"
ca_path = "lOp1nhPa"
cert_file = "dfJ4oPln"
key_file = "aL1Knkpo"
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
tls_min_version = "TLSv1_1"
verify_incoming = true
verify_outgoing = true
verify_server_hostname = true
}
https {
ca_file = "7Yu1PolM"
ca_path = "nu4PlHzn"
cert_file = "1yrhPlMk"
key_file = "1bHapOkL"
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_min_version = "TLSv1_3"
verify_incoming = true
verify_outgoing = true
}
grpc {
ca_file = "lOp1nhJk"
ca_path = "fLponKpl"
cert_file = "a674klPn"
key_file = "1y4prKjl"
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
tls_min_version = "TLSv1_0"
verify_incoming = true
}
}
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
tls_min_version = "tls11"
tls_prefer_server_cipher_suites = true
translate_wan_addrs = true
ui_config {
dir = "pVncV4Ey"
content_path = "qp1WRhYH"
metrics_provider = "sgnaoa_lower_case"
metrics_provider_files = ["sgnaMFoa", "dicnwkTH"]
metrics_provider_options_json = "{\"DIbVQadX\": 1}"
metrics_proxy {
base_url = "http://foo.bar"
add_headers = [
{
name = "p3nynwc9"
value = "TYBgnN2F"
}
]
path_allowlist = ["/aSh3cu", "/eiK/2Th"]
}
dashboard_url_templates {
u2eziu2n_lower_case = "http://lkjasd.otr"
}
}
unix_sockets = {
group = "8pFodrV8"
mode = "E8sAwOv4"
user = "E0nB1DwA"
}
verify_incoming = true
verify_incoming_https = true
verify_incoming_rpc = true
verify_outgoing = true
verify_server_hostname = true
watches = [{
type = "key"
datacenter = "GyE6jpeW"
key = "j9lF1Tve"
handler = "90N7S4LN"
}, {
type = "keyprefix"
datacenter = "fYrl3F5d"
key = "sl3Dffu7"
args = ["dltjDJ2a", "flEa7C2d"]
}]